Re: [opensuse] Unusual traffic through eth0



On 12/03/12 11:33, Per Jessen wrote:
> Bob Williams wrote:
>
>> On 12/03/12 09:54, Per Jessen wrote:
>>> Bob Williams wrote:
>>>
>>>> Last night, I noticed a regular pattern of blips in gkrellm's eth0
>>>> monitor. There were no internet-active programs, such as e-mail or
>>>> web browser, running, so I started Wireshark to see what was
>>>> happening.
>>>>
>>>> Apart from the expected chatter between this machine and the router,
>>>> the following two lines repeated over and over, and it is continuing
>>>> on rebooting the machine this morning:
>>>>
>>>> Source          Destination   Protocol  Info
>>>> 217.14.132.183  192.168.1.14  SIP       Status: 100 Trying (0 bindings)
>>>> 217.14.132.183  192.168.1.14  SIP       Status: 401 Unauthorized (0 bindings)
>>>>
>>>> Is this entirely innocent, or should I contact abuse@Domainmaster
>>>> (see below)?
>>>
>>> Perhaps not entirely innocent (SIP attempts for VoIP), but I would
>>> have thought your firewall should be blocking such traffic?
>>
>> Really? I do run skype from time to time, and have tried out ekiga, so
>> maybe the SIP protocol is allowed.
>
> Skype is proprietary, I don't know what ekiga does. SIP is "Session
> Initiation Protocol" for standard VoIP. My Asterisk telephone server
> is regularly flooded by SIP requests, bordering on a DoS attack.

Ekiga is a SIP client.

>> The only services I have explicitly allowed in YaST Firewall
>> Configuration are Rsync server, Secure Shell server and xntp server.
>
> I would expect that to mean that the SIP traffic is dropped or rejected.
> Maybe check your firewall log.

Well, the firewall log gives much the same information as Wireshark.
Although it's irritating, I don't think I'm vulnerable, so I'll just
monitor things for the time being.

>> The last time something like this happened I was being attacked through
>> ssh port 22, but they were definitely trying a dictionary attack with
>> various username & password combinations.
>>
>> All the above traffic seems to be one way; in other words, I never see
>> my machine sending a reply. I am always the destination, never the
>> source.
>
> Maybe gkrellm is reporting on traffic before the firewall drops it.

Maybe.

Thanks, Bob
--
Bob Williams
System: Linux 3.1.9-1.4-desktop
Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.7.2
(4.7.2) "release 5"
Uptime: 18:00pm up 5 days 0:29, 3 users, load average: 0.23, 0.15, 0.14
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
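The two status lines in the capture ("100 Trying", "401 Unauthorized") are SIP responses, not requests: a client only expects them after it has sent something like a REGISTER or INVITE, and SIP ties a response to its request through the Call-ID header. That makes Bob's "I never see my machine sending a reply" observation something you can check mechanically over a capture rather than by eye. The script below is an added example written for this page, not code from the thread or from any of the tools mentioned in it. It works on a constructed packet list modelled on the capture above; 203.0.113.5 is a documentation address used as a hypothetical registrar so that one legitimate exchange is present, and a real run would fill the list from a Wireshark/tshark export instead.

```python
"""Correlate SIP responses with the requests that should have produced them.

Added example for this thread, not code from the original post. Input is a
constructed list of packets modelled on the capture described above; a real
run would fill SAMPLE_PACKETS from a tshark/Wireshark export instead.
"""
from collections import Counter
from dataclasses import dataclass

OUR_HOST = "192.168.1.14"  # the monitored machine, as in the capture


@dataclass
class Packet:
    src: str
    dst: str
    payload: str  # UDP payload as text; SIP is a line-oriented protocol


def parse_sip(payload):
    """Split a SIP message into (kind, what, headers).

    kind is "request" (what = method) or "response" (what = status code);
    headers is a dict keyed by lower-cased header name. Returns None when
    the payload is not a SIP message."""
    lines = payload.split("\r\n")
    start = lines[0]
    if start.startswith("SIP/2.0 "):
        kind, what = "response", int(start.split(" ", 2)[1])
    elif start.endswith(" SIP/2.0"):
        kind, what = "request", start.split(" ", 1)[0]
    else:
        return None
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return kind, what, headers


def unsolicited_responses(packets, our_host=OUR_HOST):
    """Return (src, status, call_id) for every SIP response delivered to
    our_host whose Call-ID never appeared in a request our_host sent.

    Status lines such as "100 Trying" or "401 Unauthorized" are responses;
    a client only sees them after sending e.g. REGISTER or INVITE, and the
    Call-ID header ties a response to that transaction."""
    parsed = [(p, parse_sip(p.payload)) for p in packets]
    sent_call_ids = set()
    for p, msg in parsed:
        if msg is not None and msg[0] == "request" and p.src == our_host:
            sent_call_ids.add(msg[2].get("call-id", ""))
    flagged = []
    for p, msg in parsed:
        if msg is None or msg[0] != "response" or p.dst != our_host:
            continue
        call_id = msg[2].get("call-id", "")
        if call_id not in sent_call_ids:
            flagged.append((p.src, msg[1], call_id))
    return flagged


def summarize(flagged):
    """Count flagged responses per (source, status) pair."""
    return dict(Counter((src, status) for src, status, _ in flagged))


def sip_message(start_line, headers):
    """Assemble a minimal SIP message: CRLF line endings, empty body."""
    return "\r\n".join([start_line, *headers, "", ""])


# Constructed sample traffic (not a real capture). 203.0.113.5 is a
# documentation address standing in for a hypothetical SIP registrar.
SAMPLE_PACKETS = [
    Packet("192.168.1.14", "203.0.113.5", sip_message(
        "REGISTER sip:203.0.113.5 SIP/2.0",
        ["Via: SIP/2.0/UDP 192.168.1.14:5060",
         "Call-ID: legit-1@192.168.1.14", "CSeq: 1 REGISTER"])),
    Packet("203.0.113.5", "192.168.1.14", sip_message(
        "SIP/2.0 200 OK",
        ["Via: SIP/2.0/UDP 192.168.1.14:5060",
         "Call-ID: legit-1@192.168.1.14", "CSeq: 1 REGISTER"])),
    Packet("217.14.132.183", "192.168.1.14", sip_message(
        "SIP/2.0 100 Trying",
        ["Via: SIP/2.0/UDP 192.168.1.14:5060",
         "Call-ID: stray-7@217.14.132.183", "CSeq: 1 REGISTER"])),
    Packet("217.14.132.183", "192.168.1.14", sip_message(
        "SIP/2.0 401 Unauthorized",
        ["Via: SIP/2.0/UDP 192.168.1.14:5060",
         "Call-ID: stray-7@217.14.132.183", "CSeq: 1 REGISTER",
         'WWW-Authenticate: Digest realm="example"'])),
    Packet("192.168.1.1", "192.168.1.14", "not a SIP message"),
]

if __name__ == "__main__":
    for src, status, call_id in unsolicited_responses(SAMPLE_PACKETS):
        print(f"unsolicited {status} from {src} (Call-ID {call_id})")
    print(summarize(unsolicited_responses(SAMPLE_PACKETS)))
```

On the sample data the 200 OK is matched to the REGISTER the host sent and is ignored, while both responses from 217.14.132.183 are flagged because no outbound request ever carried their Call-ID. That is the one-way pattern the thread describes; whether a firewall drop or something else is the reason the host never answers is still a question for the firewall log, as Per suggested.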
